Welcome!

@CloudExpo Authors: Ed Featherston, Elizabeth White, Kevin Benedict, Pat Romanski, Liz McMillan

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Machine Learning , Agile Computing

@CloudExpo: Article

Do You Want to Know What You Don’t Know?

Don't be a company paralyzed by the status quo

In my experience there are two types of enterprise IT departments: those that maintain the status quo and those looking to continuously explore and improve.

It is truly unfortunate how many fall into the former category.  But the problem with IT security is that it's an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep.

I realize this is an over generalization, and oftentimes the decision to “stay the course” is not in the hands of IT. There are budget concerns. There are personnel limitations. There are higher perceived priorities. There are complex layers of interdepartmental decision making. So, if it ain’t broke, don’t fix it…right?

As an IT professional myself, I realize how inundated your inbox and voice mail becomes with messages; cloud-this, virtual-that, next generation so & so…but why rock the boat, everything is working…AS FAR AS YOU KNOW.

There’s the old adage, if you don’t know what you don’t know then you can’t possibly be prepared. Additionally there are organizations that simply act like ostriches. They put their head in the sand, so therefore nothing bad can happen. Or then there’s the old chestnut, “well, we’ve never been breached/hacked/attacked before, so there is no need to change.” These are people who don’t know what they don’t know…or don’t want to know because it will force a change of the status quo.

For them, here’s a true story.

Once upon a time there was (and still is!) a large retail and design firm worth about 3/4s of a billion dollars. They were very vigilant with their security. At least they thought so. They had solid on-premise tools and had dedicated security resources.  Problem was, with the lingering effects of the recession, budgets got squeezed and resources became scarcer. And looking at cost centers, IT security had a target on its back.  This prompted the IT team to investigate alternative ways to drive down costs, but still maintain the level of readiness and watchfulness.

They examined a variety of alternatives and did significant due diligence. They found that by moving their SIEM and Log Management functions to the cloud, they would remove considerable capital expenditures and related costs. For practically the same cost they were paying for on premise solution support and maintenance, they could incorporate a cloud-managed enterprise-class solution to manage their network defenses. But this isn’t an economic parable.

Working in conjunction with the new cloud-based security experts, the folks at this retail organization recreated many of the rules, alerts, and escalations against a variety of servers and endpoints currently being monitored on the on-premise system. For the first month or so, they wanted systems to be redundant--just to ensure the new cloud-managed SIEM and Log management were catching all the activity and traffic required to help protect the IP and help the organization comply with PCI and SOX.

Ten days into the project, the phone rang.  The cloud security analyst wanted to inform the company that some unusual anomalies were detected on an internal server. It was initially diagnosed as a false positive, but the cloud analyst insisted that when correlated with other data from other servers, the intrusion was probably more than just a harmless blip.

The company reviewed its on-premise logs and could not verify the same problem. At this point the analyst was able to provide the precise server and trace the issue to a specific laptop. It was there they found the unauthorized download of what seemed to be a harmless email application, but had also nested some nasty botnets and malware. Acting quickly, they were able to quarantine the problem and diffuse the issue before a breach could occur.

But the story is not so much about cloud security saving the day, but rather how a new way of thinking and analyzing shined a light on inefficiencies, unexplored vulnerabilities and process breakdowns. It provided updated knowledge on how their users and customers were accessing and using their network resources.

Again, the moral of the story is not that cloud security is superior to all other security implementations, but rather if you don’t know what you don’t know, you can’t make the necessary adjustments to create new best practices and, in short, do the job better and more efficiently. However, whereas cloud-based security may not be better than other enterprise deployments, it IS more accessible to companies that aren’t listed on the Fortune 500. Therefore, if it is AS GOOD as a brand name enterprise tool, it would be considerably more effective than most initiatives deployed by the smaller and more moderately financed enterprises.

It allows these companies to know what they don’t know. It allows them to cast a wider net around their IT assets and better understand who is access what data and when. It allows them to monitor, in real time, all the events that are hitting every quarter of their IT infrastructure and make informed determinations based on situational context. Instead of phased, limited or partially deployed  security initiatives, companies benefit from a fully-powered, industrial-strength solution ready on Day 1. To further mix metaphors, think of it as an experienced geologist looking for oil. Generally, he knows what areas likely contain oil reserves. Additionally he knows what crude looks like.  Problem is, all he has is a trowel with which to search. So if the oil is not bubbling up to the top, it will go unnoticed and untapped. The geologist needs radar penetrating technology. He needs the means to reach the reserve; to understand and document the different strata of earth, detritus and bedrock. He needs a way to determine where the most advantageous position on the field for maximum yield lies. Without it, he’s bound to miss something.

But first, he has to know what he doesn’t know.

And before I let you go this week, I ask a favor. My company, CloudAccess is in the running for an cloud computing UP Award and I would welcome your support. Please vote for us: HERE

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Announcing Poland #DigitalTransformation Pavilion
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
CloudEXPO | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
HyperConvergence came to market with the objective of being simple, flexible and to help drive down operating expenses. It reduced the footprint by bundling the compute/storage/network into one box. This brought a new set of challenges as the HyperConverged vendors are very focused on their own proprietary building blocks. If you want to scale in a certain way, let's say you identified a need for more storage and want to add a device that is not sold by the HyperConverged vendor, forget about it...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.